Application Security Terminology

Glossary

Invalid HTTP Method Usage

Invalid HTTP Method Usage describes an attack vulnerability that exploits HTTP requests. The HTTP protocol defines a set of request methods (GET, PUT, TRACE, etc.) to achieve a desired action to be performed on a given resource. When these guidelines aren’t followed, the security of an application is at risk. For example, the GET method should only retrieve data; it is not intended to contain sensitive information or change the site state.

When used incorrectly, HTTP requests can lead to Invalid HTTP Method Usage attacks, and these can lead to exposures such as Cross-Site Request Forgery, Information Leakage, and accidental damage through crawlers, compromising the integrity of your application.